[Firewall] Arno's script and openVPN

Dear all,
I am trying to figure out how to best organize openVPN access from the
wilderness.
Currently I have a virtual machine set up for this, with the respective
port forward on the router (protected by Arno's script).
I am still not decided whether to keep it as is or to move openVPN to
the router.
In order to have openVPN working, I have the following iptables rules
set up on the VM (10.8.0.0/24 being the virtual network for the
outside users):
iptables -v -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -v -A INPUT -s 10.8.0.0/24 -j ACCEPT
iptables -v -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -v -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -v -A FORWARD -i eth0 -o tun0 -j ACCEPT
What would the same additional rules look like (what has to be set up)
in case I decide to move it to the router with Arno's script? In the
case of the router, I have to build a mutual trust between tun and the
internal IF (eth1, for example), haven't I?
Janis